I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000122-AS-000082
Group -
Oracle WebLogic must protect audit tools from unauthorized modification.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...Rule Medium Severity -
SRG-APP-000123-AS-000083
Group -
Oracle WebLogic must protect audit tools from unauthorized deletion.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...Rule Medium Severity -
SRG-APP-000133-AS-000092
Group -
Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).
Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server must have a capability to divide roles based upon duties wherein one pr...Rule Medium Severity -
SRG-APP-000141-AS-000095
Group -
Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities.
Application servers provide a myriad of differing processes, features and functionalities. Some of these processes may be deemed to be unnecessary or too insecure to run on a production DoD system...Rule Medium Severity -
SRG-APP-000142-AS-000014
Group -
Oracle WebLogic must prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services.
Application servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed to be unnecessary or too insecure to run on a producti...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must utilize automated mechanisms to prevent program execution on the information system.
The application server must provide a capability to halt or otherwise disable the automatic execution of deployed applications until such time that the application is considered part of the establi...Rule Low Severity -
SRG-APP-000148-AS-000101
Group -
Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users).
To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. The application server must uniquely identify and authenticate ap...Rule High Severity -
SRG-APP-000153-AS-000104
Group -
Oracle WebLogic must authenticate users individually prior to using a group authenticator.
To assure individual accountability and prevent unauthorized access, application server users (and any processes acting on behalf of application server users) must be individually identified and au...Rule High Severity -
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must enforce minimum password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one of several factors that helps t...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
Oracle WebLogic must enforce password complexity by the number of upper-case characters used.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Use of a complex password helps to increase the time a...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.